Well, that is not a very high bar. Writing a better DNS server than BIND is very welcome but not actually a daunting feat. I did this several years ago as an undergrad. I had set out only to modify BIND 8, only to find the source is a big ball of spaghetti code. It then became pretty obvious why there were regular exploits.
The real problem with program verification is the C programming language. In C, the compiler has no clue what's going on with arrays, because of the "pointer=array" mistake. You can't even talk about the size of a non-fixed array in the language.
__builtin_object_size works rather well if you need the compiler itself to insert instrumentation. C affords users the option to have API-defined zero-copy references, instrumented (reference-tracked) zero-copy references, or copying. It sounds like you have interacted with programmers who have made poor choices.
This is the cause of most of the buffer overflows in the world. Every day, millions of computers crash and millions are penetrated by hostile code from this single bad design decision.
Once again, the decisions are available to a programmer. Better compilers provide the needed tools. Sounds like you want -fstrict-aliasing
That's why I got out of program verification when C replaced Pascal. I used to do this stuff.
Good program verification systems have been written for Modula 3, Java, C#, and Verilog. For C, though, there just isn't enough information in the source to do it right. Commercial tools exist, but they all have holes in them.
I think you need to read: http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html and: http://gcc.gnu.org/onlinedocs/gcc/Variable-Attributes.html
Compiler attribution combined with splint directives like /*@fallthrough@*/ in a switch statement makes software rather checkable without sacrificing speed or readability.
GCC has a number of options that add static checking. Additionally, splint (when properly parametrized) will catch a number of other common gaffes. Whoever said C does not express enough to add checking clearly does not understand the problem. The syntactic sugar in many popular languages actually adds complexity. Some implicit garbage collection, pooling and threading mechanisms add non-deterministic qualities which make *static* checking an NP problem. If you are smart enough to keep your aliasing confined and tagged there is little danger in C, and the simple syntax makes static checking easier.
Also of note valgrind is an excellent tool suite but it is not a *static* checker.
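An added example (not code from the thread) of the compiler-supplied instrumentation the comments above refer to: a checked copy where `__builtin_object_size` lets the compiler report the destination's size at the call site, and reports "unknown" once the destination is only reachable through an opaque pointer. The helper names and the sample input are mine.

```c
#include <stddef.h>
#include <string.h>

/* Copies n bytes into dst, refusing when n exceeds the destination size the
 * compiler knows about.  dst_size == (size_t)-1 means "unknown", in which
 * case only the caller's own bookkeeping protects the copy.
 * Returns 0 on success, -1 when the copy was refused (not truncated). */
static int copy_checked(void *dst, size_t dst_size,
                        const void *src, size_t n)
{
    if (n > dst_size)
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* The size must be evaluated at the call site, where the compiler can still
 * see the object; inside copy_checked, dst is a plain pointer and that
 * knowledge is gone.  This is the same mechanism glibc's _FORTIFY_SOURCE uses. */
#define COPY_CHECKED(dst, src, n) \
    copy_checked((dst), __builtin_object_size((dst), 0), (src), (n))

static char scratch[4];   /* constructed: a buffer handed over as an opaque pointer */

/* Size the compiler reports through an opaque pointer parameter: (size_t)-1. */
__attribute__((noinline)) static size_t reported_size_opaque(char *p)
{
    return __builtin_object_size(p, 0);
}

/* Size the compiler reports for a local fixed array: its real size, 16. */
static size_t reported_size_local(void)
{
    char buf[16];
    return __builtin_object_size(buf, 0);
}

/* A 32-byte copy into a 16-byte stack buffer is refused (returns -1);
 * a 15-byte copy into it succeeds (returns 0). */
static int demo_copy(size_t n)
{
    char buf[16];
    static const char src[32] = "constructed sample input";  /* zero-padded */
    return COPY_CHECKED(buf, src, n);
}
```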
HTML is a text format. Most editors have customizable, context-sensitive highlighting. Are you perhaps referring to 4GL type languages? The reason why you cannot use pictorial languages as effectively is that programming is ultimately a linguistic operation. It would take a long time for a mime to display many concepts that can be spoken/written easily.
If you increase the width too much it hurts your ability to do side by side diffs and merges. Copy-paste jobs and emailing code snippets are also made more challenging. I find that people are confused about what constitutes productive verbosity. Things like namespaces (like 'gtk_') and non-structural function names can be kept small (like 'strdup'). I have been coming across a lot of fully typed out namespaces and function names like 'convert_integer_to_string' which actually hurts readability.
It would be nice if everything was tagged though, wouldn't it? I could have found out what the underwear gnomes were doing with my clothes (step 1 - steal underwear, step 2, step 3 - make money [South Park]). Ever since I was young I wanted to write a program to decide what I should wear and wash based upon the weather and prior wear patterns. I thought that if the manufacturers were including tags it was only a matter of time before there were detectors available for home use. Oh well, defeated by conspiracy theory.
Allow myself to introduce myself... I am a LuFOG webmaster and cofounder. Last year when starting this group we found that the thing that drew the most people was speakers (Joe Aruda - VA, ESR).
Now LuFOG has lost a little steam and we're looking to charge it back up. We tried having internal people speak and well... I have as much inflection as Ben Stein, so that didn't work out. Joe was a pretty good speaker (he better be if he wants to do sales) and ESR was very good (and we got credit for Software Engr. class for attending). We want more, not just for us but for the university to get exposure.
BTW we can indeed lobby for money if the speaker is worth it. I don't want us to sound too poor because we're not, we just have to beg for what we have.
I work for Lockheed Martin and get to visit the DoD all the time and I have seen rooms full of linux boxes (and some SGIs) so I don't understand what you're talking about. Maybe it is a coastal thing but here in the east Linux is in heavy use in the DoD, at least as far as I've seen.
Am I the only one who thinks the action should have been better? I don't mean more explosions or more gore. I mean the fight scenes, well, quite frankly sucked. I understand that at this point in the story the heroes are wet behind the ears and not quite as skilled, but obviously they have some training. I was looking for at least Jet Li type wire effects if not a Jackie Chan style ass whoopin'. These guys are supposed to have super powers more-or-less, right? I guess what I'm saying is I got Superman where I expected Batman. The other thing that bothers me is the girl who could walk through walls. Ok, now I can settle fine for laser beams coming out of someone's eyes and a fast healing rate, but would someone care to enlighten me as to how in "Zeus's butt-hole" a mutation would cause somebody to be able to walk through walls? Throw me a freakin' bone here.
You could do it yourself by converting the walking maps into a weighted directed graph and running Dijkstra routing on it.
Aron